Information Security Management is one of the process areas in ITIL (Service Design phase). We are about to conduct a mini-assessment or audit on a client. And on this process area ONLY. Could someone shed some light on any template we can use? What are the generic high-level steps you would undertake to perform the mini audit?

Since there are no globally recognised templates for doing ISO27001, how can anyone shed light on what template you should use without providing you the template - thereby doing your work for you?

Second, we do not know what your customer has in regards to IT, IT Service Management, IT Data Management, IT Estate - Domain management - AD or what. We also do not know which part of the world the company is located in and how the country's local data protection laws are or are not.

In addition, you should know what to do as the high level steps for assessing a company's adherence to ISO27001 and what is missing and what is to be done next.

There -- you have the generic high level steps

Finally, I am not angry. I am embarrassed for your client. They have hired what was supposed to be a professional organisation capable of doing the ISO27001 assessment; however, they get you instead.

Oh. And I am not a consultant - neither are you by the way

_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)